package com.chenjun.core.auth;

import java.util.HashSet;
import java.util.List;
import java.util.Set;

import org.activiti.engine.identity.User;
import org.apache.commons.lang3.StringUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.DisabledAccountException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.CollectionUtils;

import com.chenjun.common.Constant;
import com.chenjun.common.model.DataGridModel;
import com.chenjun.core.dao.generator.entity.SysResource;
import com.chenjun.core.dao.generator.entity.SysUser;
import com.chenjun.core.service.sys.SysResourceService;
import com.chenjun.core.service.sys.SysUserRoleService;
import com.chenjun.core.service.sys.SysUserService;
import com.chenjun.core.vo.sys.UserRoleBean;

public class MasterWebRealm extends AuthorizingRealm {

	private final String tokenKey = "";

	@Autowired
	private SysUserService sysUserService;
	@Autowired
	private SysUserRoleService sysUserRoleService;
	@Autowired
	private SysResourceService sysResourceService;

	@Override
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) {
		// 获取登录的用户名
		String loginName = (String) principalCollection.fromRealm(getName()).iterator().next();

		if (StringUtils.isNotBlank(loginName)) {
			SimpleAuthorizationInfo info = new SimpleAuthorizationInfo();
			Set<String> strPermissions = new HashSet<String>(0);

			/*
			 * 设置权限
			 */
			DataGridModel dgm = new DataGridModel();
			dgm.setStart(0);
			dgm.setRows(0);
			dgm.getParams().put("userName", loginName);
			List<SysResource> resources = sysResourceService.doListByCondition(dgm);
			if (!CollectionUtils.isEmpty(resources)) {
				for (SysResource resource : resources) {
					strPermissions.add(resource.getPermissions());
				}
			}

			/**
			 * 角色设置
			 */
			List<UserRoleBean> beans = sysUserRoleService.dofListByCondition(dgm);
			if (!CollectionUtils.isEmpty(beans)) {
				Set<String> roles = new HashSet<String>(beans.size());
				for (UserRoleBean bean : beans) {
					roles.add(bean.getRoleId());
				}
				info.setRoles(roles);// 角色设置
			}

			info.setStringPermissions(strPermissions);
			return info;
		} else {
			throw new UnknownAccountException();// 没找到帐号
		}
	}

	@Override
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken)
			throws AuthenticationException {

		UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
		DataGridModel dgm = new DataGridModel();
		dgm.setRows(1);
		dgm.getParams().put("userName", token.getUsername());
		List<SysUser> users = sysUserService.doListByCondition(dgm);

		if (!CollectionUtils.isEmpty(users)) {
			SysUser user = users.get(0);
			if (user != null) {
				if ((Constant.State.DISABLED.toString()).equals(user.getDisabled())) {
					throw new DisabledAccountException(); // 账号已经被禁止登陆
				} else {
					return new SimpleAuthenticationInfo(user.getUserName(), user.getPassword(),
							ByteSource.Util.bytes(tokenKey), getName());
				}
			} else {
				throw new UnknownAccountException();// 没找到帐号
			}

		} else {
			throw new UnknownAccountException();// 没找到帐号
		}

	}

}
